What 5 Million Apps Revealed About Secrets in JavaScript

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 ...
The Hacker News

SmartLoader Attack Uses Trojanized Oura MCP Server to Deploy StealC Infostealer

SmartLoader campaign spreading StealC via a trojanized Oura MCP server using fake GitHub forks to steal credentials and crypto funds.
The Hacker News

Microsoft Finds “Summarize with AI” Prompts Manipulating Chatbot Recommendations

Microsoft warns of AI recommendation poisoning where hidden prompts in “Summarize with AI” buttons manipulate chatbot memory and bias responses.

Fake ‘Antivirus’ App Spreads Android Malware, Steals Banking Credentials

A fake Android antivirus app called TrustBastion is spreading malware and stealing banking credentials. Here’s how it works and how to stay protected.